like
all the comments discussion whether or not it was apple responsibility, saying jailbreak is bad should be eliminated etc.

My conclusion
Apple doesn’t have to take any responsibility for this worm or any other that affects jailbroken iphones.
Because the user intentionally takes all of those protections implemented by apple in order to “jailbreak”. Dont get me wrong i think the jailbreak is the best thing that could have happened to the iphone

Is the Users responsibility to make sure he/she knows all the risks and possible vulnerability

Now that this worm showed what they were capable of, unconscious jailbroken users will or maybe will not change their root passwords. It is their own fault if they don’t take security measures (in this case changing the default root password, or turning off ssh)

I would like to add also, that its not the jailbreak itself that makes the iphone vulnerable to this worm, you have to download and install open ssh from cydia, and as i said before just by changing the default root password YOUR IPHONE WILL BE SAFE AND INVULNERABLE to these attacks

Also its not like Apple is not trying to kill the jailbreak
look at the new iphone 3gs and ipod touch 3g they both killed the 24Kpwn bootroom exploit, they also implemented a new system of ECID checks which only allow ipsws signed by apple servers to be installed into the iphone/ipod

Finally i will make a silly comparison
being attacked by this worm, would be like you turning off the firewall of windows and any other protection

I know is a silly comparison but you can see my point

“never had any complaints either to the Dev-Team, nor Apple”
Neither did I

Sorry dunuck, I mean God. I would say you don’t get too much respect out there in the real world, do you? Telling us all to “shut the !@#$ up” and then letting us all hear what you have to say. Wow man..I mean WOW!! Way to go!!

I’ve JB’n my iPhone sense the 1G and never had any complaints either to the Dev-Team, nor Apple. You need some therapy dunuck. Your one, anger fueled, control freak.

You all sound like f**king old noobs, whining jailbreak is bad hack hack the other bla blah blah

I have a jail broken iphone 3gs and an ipod touch 2g

and they are just as safe from this attacks, as your precious unhacked iphones/ipods

wait what? come again
just by changing the default root and mobile password, my ipone and ipod became invulnerable to this attacks

How ?
tutorial howto change root password:

1.Get Mobile Terminal from Cydia

2.Open Mobile Terminal and type the following:
su (press return)

-type root (press return)

– the terminal will ask for password – type alpine (this is the default root password);

passwd (this command changes active user password, we are with root user now so it will change root user password), then type your new password and confirm it

(repeat the same process for changing the mobile password)

I knew that was iphone is vulnerable for attacks when I have opened SSH port and default root password, every attacker can do everything this is why i changed the password. This is the most efficient way to protect your phone. Cracking the new password on the iphone will be nearly impossible

n addition to changing the user passwords for your iPhone, another good security measure is to use one of the jailbreak apps like BossPrefs or SBSettings to have a toggle that will disable SSH when not in use

That’s it
The jailbreak is the most wonderful thing that could have happened to the iphone/ipodtouch

you have access to tons of useful apps that would never be available on the appstore, like

winterboard: lets you create and use different themes for the iphone/ipod

SBSettings: is a jailbreak application
that brings various toggle switches directly to iPhone’s home screen that are available in the Settings app.
quicker way to manage iPhone settings such as disabling or enabling features like Wi-Fi, Bluetooth, 3G

-backgrounder (multitasking)

-3G unrestrictor: under the 3g network it lets you download files longer than 10mbs, watch hd youtube videos, make voip calls etc.

-yourtube: a useful plug-in for the youtube app, that lets you download and manage your videos

-ifile lets you browse your entire file directory, watch mov,mp4,3gp videos, photos and much more

-cycorder: video recording application for the iphone 2g and 3g

-Categories: If you happen to be an app junkie like me, you would know how overwhelming all those icons spanning across five, ten or even more springboard pages can be. This app, which is simply and appropriately called ‘Categories’, allows you to fix just that… it lets you categorize all your apps into nice tidy folders

- emulators: gameboy advance, snes, psx etc

-installous/appsync: these tools allows you to download,install and sync with itunes pyrated paid apps
(i admit it, 98% of my apps are pirated apps, i have like 300% worth of cracked apps)

And many others useful apps

ohh did i forget to metion
that with the jailbreak you have access to a tool called ultrasnow, and balcksnow which lets you unlock your iphone

meaning: you can use it with any GSM network IN THE WORLD. pretty cool right?

How does Microsoft respond if you install a hack that disables WGA?

How has the “community” responded to Apple updating the firmware to reduce the chance of exploits?

“They’re just trying to stop us using our phones when and where we want!”

Seems to me they’re trying to stop OTHER users from using your phone when and where you don’t want.

Just a thought.

My problem with all this has nothing to do with whether the phone can be hacked or not. It’s the tone of Apple’s response to all this. I truly don’t believe that any high tech company can afford to just push blame for security back on the end user. That path leads to the fears that Windows users face today and does nothing to reassure pensive enterprise buyers that iPhone (and through association the OS it’s based on) is too much different from the other security nightmares they face on a daily basis.

Maybe I just expect more of Apple because they are – Apple. They won me over many years ago with product design, incredible usability and attention to detail that caught the whole industry off guard. That’s the Apple I expect to see step up and show us how secure technology can be. Do I expect every product to be perfect – no. Do I expect Apple to handle the issues around security better then Microsoft – heck yeah.

My comment is about Apple’s response to this issue. It’s their reputation on the line. They need to be mindful of that and make sure that they are not perceived of being dismissive of a problem that has plagued the PC business for decades. There are a lot of twitchy reactions to security issues. Cupertino has a window where they can be seen as understanding this and taking it to heart. If they miss that then they will have a harder time convincing people that they take this as seriously as they should.

Your analogy is not 100%. It’s more like people being afraid that someone else (drunk or not) can control their cars after they open the door. That’s pretty much what’s happening with the folks who jail break their iPhones. Unless they are very aware of system security (which I would guess the majority of them are not or this worm would have no chance as all the default passwords would have been changed) then they don’t know how to protect themselves now that the controls that Apple did provide no longer function.

I guess my point was that it’s not really great for Apple’s image to have a phone that’s hackable then blame people for hacking it. After all, it’s Apple’s reputation at risk here as most people won’t read passed the headlines that are shouting about worms on the iPhone.

Once a product gets that reputation it’s a very hard thing to turn around.

Just because a vulnerability lets you unlock your device, it isn’t suddenly not a vulnerability.

I work in the computer security industry so maybe I’m more cynical than most about this kind of dismissive response. The truth is that Apple’s iPhone is out there, has a ton of limelight shining on it and it might be better PR for Cupertino to be seen to be acknowledging the risk and planning to fix it rather than pointing fingers and blaming customers. After all it’s not a big stretch to think that maybe Apple should be making the iPhone hack proof, like we’ve been asking MSFT to do to Windows all these years?

For most users this isn’t an issue but the security teams inside enterprises take this kind of thing very seriously. Getting a bad rep, deserved or not, with those guys can cause serious adoption issues down the road. This is the main reason why most large corps require solutions like GoodLink for mobile users as it lets them impose strict policies for security.